The Third Circuit has issued the first Appellate court decision on the standard by which government agents may compel the disclosure of cell phone subscribers’ location data, i.e., records of the cell towers with which a phone communicates that indicate the phone’s physical location. In The Matter Of The Application Of The United States Of America For An Order Directing A Provider Of Electronic Communication Service To Disclose Records To The Government. The majority held that Magistrate Judges (MJs) may choose whether to impose a warrant requirement on government agents who seek location data or instead to permit them to satisfy a lower statutory standard (under 18 U.S.C. § 2703(d)) that requires “specific and articulable facts showing … reasonable grounds to believe that the … records … are relevant and material to an ongoing criminal investigation.” (D order standard.) The majority remanded to the MJ who had first considered the government’s application to require either a warrant based on probable cause or to impose the D order standard and then to determine whether the government’s application satisfies the chosen requirement. The majority also directed the MJ to make factual findings and provide an explanation if it demands a warrant.

The issues here are complex so it may not be immediately clear whether the decision represents a win for communications privacy. In fact, the decision contains important privacy gains, although more remains to be done. In what follows, I explain the decision and its significance by addressing the following issues: 1) the parties and their arguments, 2) the court’s statutory analysis 3), the court’s constitutional analysis, and 4) what happens next.

1) The Parties and their Arguments

The government is the only traditional party in the case. Applicable law permits agents to seek orders from MJs to compel cell phone service providers (like Sprint or Verizon) to disclose stored location data without ever notifying the person whose records they seek (the target). In February, 2008, a MJ in the Western District of Pennsylvania denied the government’s application for location data, because the government failed to establish probable cause for a warrant. The government appealed to the District Court, arguing that MJs must grant orders to compel location data whenever the government meets the D order standard, which is easier to satisfy than probable cause.

Before the District Court heard the government’s appeal, however, it invited amici curiae to oppose the government: The Electronic Frontier Foundation represented itself and three other online civil liberties groups, and I weighed in as a law professor who has taught and written on the issues. Ultimately, the District Court affirmed the MJ’s denial, which set the stage for the government to appeal to the Third Circuit. Civil Liberties Amici and I submitted briefs in the Third Circuit and participated in oral arguments there in February.

I argued that the government must always establish probable cause and obtain a warrant, as the lower courts had held. The Civil Liberties Amici argued that if the Third Circuit was not prepared to require a warrant in every case (it wasn’t), it should recognize that MJs may, in their discretion, require a warrant before compelling disclosure of location data, or they may grant such orders under the D order standard. The majority adopted the approach the Civil Liberties’ Amici advocated.

2) The Court’s Statutory Analysis

A confusing part of the majority’s opinion is its lengthy discussion of whether § 2703(d) even applies to location data, despite agreement by the government and Civil Liberties Amici that it does (I didn’t address the statute because I focused on the constitutional question). The MJ had found location data to be outside the scope of 2703(c), which covers “records concerning [an] electronic communication service.” Instead, and like several other MJs, the MJ in this case had treated the location data in the case as collected by a “tracking device” and applied the warrant requirement of Federal Rule of Criminal Procedure 41. The majority rejected the MJ’s analysis and affirmatively found location data information “obtainable under a 2703(d) order.” One could read the majority’s discussion (on page 17 of the slip op) to mean that the relevance and materiality standard described in the text of 2703(d) should apply in all cases, but the rest of the decision clarifies that, while MJs should generally use the relevance and materiality standard, they retain the option, “to be used sparingly,” to require a warrant when needed.

As compared to permitting the government to compel disclosure of location data without ever needing to establish more than the D order standard, the result here is a significant privacy win. As one MJ who has written some of the most thorough and compelling decisions in this area recently testified before Congress, the MJs have varied quite a bit in how much they have pushed back on government demands for location data, but a large number of them have resisted what they perceive to be executive branch overreaching. This case, which the court itself describes as precedential, gives those MJs appellate court authority to deny orders they view as excessively intrusive. It also dramatically weakens the government’s claim to warrantless access to other types of new communications data.

3) The Court’s Constitutional Analysis

Because the majority’s ruling permits MJs to demand a warrant as a matter of statutory construction, the decision did not reach the constitutional question (as MJ Orenstein recently did – see below). However, the majority’s discussion of the Fourth Amendment precedents must be read closely because they provide guidance to MJs, including the MJ on remand, on when to view the demand for location data as intruding upon reasonable expectations of privacy and thereby requiring a warrant under the Fourth Amendment. Moreover, as one of a very few appellate decisions to apply Fourth Amendment rights in the context of new communications technologies, its reasoning will be influential in future cases that consider new technologies and raise constitutional questions. Overall, the majority’s Fourth Amendment interpretation represents a big win for privacy.

Most importantly, the majority rejected application of either a broad “third party” rule from United States v. Miller (U.S. 1976) or a broad “non-content” rule from Smith v. Maryland (U.S. 1979), either of which would have severely limited privacy. The majority could have agreed with the government that there is no Fourth Amendment interest in location data, either because the data are found in service provider (third party) records or because the records do not constitute the contents of conversations. I have argued against such broad readings of those 1970’s precedents, as a matter of doctrine (here) and because they are indefensible analytical shortcuts to a full constitutional analysis (here). But the government has argued (with some success in a few lower court cases) that the Smith and Miller precedents make the case easy (and Orin Kerr has agreed in a recent posting). The majority’s rejection of that claim is a huge victory, because acceptance of it would severely limit the privacy of online communications, most of which are stored with third parties and much of which is not the contents of conversations.

To quickly summarize, the majority recognized that location data records are not like bank records (Miller) or dialed telephone numbers (Smith), and that cell phone users do not assume the risk of disclosure of their stored location data. Unlike the defendants in Smith and Miller, cell phone customers do not “voluntarily” share in “any meaningful way” their location data with their providers. In addition, the majority summarized Smith and Miller in ways that limited them to their facts. Again, the Third Circuit’s narrow reading of Smith and Miller and rejection of their applicability will have lasting and positive significance for online privacy.

The majority’s treatment of the bumper beeper tracking cases was mixed. On the one hand, the majority rejected the idea that the location data itself has to precisely indicate when someone is in her home to violate the Fourth Amendment, and instead recognized that agents may use location data to infer that the target is in her home by the patterns such data reveal (such as a series of calls made close to the same cell tower between 7 pm. and 7 am.). On the other hand, the court concluded that “the privacy interests at issue are confined to the interior of the home” without considering that information gathered outside the home can also implicate the Fourth Amendment. As a result, the court refused to find that location data disclosure necessarily implicates the Fourth Amendment, because there was “no evidence in th[e] record that historical [location data], even when focused on cell phones that are equipped with GPS, extends to that realm [the home].”

Two recent decisions have taken more expansive views of when location information gathering constitutes a search under the Fourth Amendment. In United States v. Maynard, the D.C. Circuit held that gathering location information using a GPS tracking device on a car represents “prolonged surveillance” that requires a warrant under the Fourth Amendment, because it reveals patterns of activity and permits the creation of an intimate picture of the target’s life. (The 9th Circuit recently came out differently, over a blistering dissent by Judge Kozinski who dramatically and appropriately invoked Orwell). Just two weeks ago, Magistrate Judge Orenstein, in the Eastern District of New York, applied Maynard’s reasoning in a comprehensive and compelling decision that found the Fourth Amendment to require a warrant based on probable cause for access to location data.

What Happens Next

Unlike the D.C. Circuit and Judge Orenstein, the Third Circuit majority was unwilling to hold that acquisition of location data in this case necessarily constitutes a search that requires a warrant based on probable cause. The majority found the factual record incomplete – in fact the majority noted that the MJ hadn’t made factual findings of whether the D order standard was met, let alone whether there was probable cause. As mentioned, the majority remanded to the MJ, with directions to determine the appropriate standard (probable cause or D order standard) and then apply it. The standard must turn on the facts, in that the majority was unwilling to say that “by definition” location data “requires probable cause for its production.”

Upon remand, the MJ will need to determine whether the order sought implicates the Fourth Amendment, which will depend on how she applies the reasonable expectations of privacy test (I’ve offered suggestions on how to do that here). It may depend on exactly what the location data will include (the precision of the picture painted by the location data), which was hotly contested throughout the litigation.

Could criminal lawyers use this kind of technology as evidence in a case? And how would they get this kind of information? I know the importance of proving where you are when something happened, but I always found it being possible to pull personal phone records, conversations, locations and other information kinda creepy…

An ex-boyfriend of mine had an app that was supposed to be a friend’s-cell-phone-locator but he really used it to find out when his roommate would be coming home so that we could be alone and not be interrupted, if you know what I mean. It was hilarious. I didn’t even know those apps existed until now!